China has enacted new security laws that will oblige internet firms to subject their data to stringent surveillance as well as store it on local servers.

The law came into effect on 1st June, having been originally passed in November 2016. While the level of surveillance prescribed is controversial, the law does prevent ISPs from gathering and selling personal information about users that is not relevant to their offerings.

Customers can also demand that their providers delete any of their personal data if they consider it to have been used inappropriately. The state’s Xinhua News Agency noted that “those who violate the provisions and infringe on personal information will face hefty fines.”

However, while the law sets out to protect consumers, foreign firms have argued that it will adversely affect their business in China. In particular, the requirement to store data on Chinese servers could exclude overseas firms from sectors that the government considers critical.

A further restriction would force individual users and companies to receive government permission in order to share news on social media sites or instant messaging apps. This has led to foreign firms pressuring the country’s regulator to postpone the law’s introduction.